<!DOCTYPE html>



  


<html class="theme-next muse use-motion" lang="zh-Hans">
<head>
  <meta charset="UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"/>
<meta name="theme-color" content="#222">









<meta http-equiv="Cache-Control" content="no-transform" />
<meta http-equiv="Cache-Control" content="no-siteapp" />
















  
  
  <link href="/blog/lib/fancybox/source/jquery.fancybox.css?v=2.1.5" rel="stylesheet" type="text/css" />







<link href="/blog/lib/font-awesome/css/font-awesome.min.css?v=4.6.2" rel="stylesheet" type="text/css" />

<link href="/blog/css/main.css?v=5.1.4" rel="stylesheet" type="text/css" />


  <link rel="apple-touch-icon" sizes="180x180" href="/blog/images/apple-touch-icon-next.png?v=5.1.4">


  <link rel="icon" type="image/png" sizes="32x32" href="/blog/images/favicon-32x32-next.png?v=5.1.4">


  <link rel="icon" type="image/png" sizes="16x16" href="/blog/images/favicon-16x16-next.png?v=5.1.4">


  <link rel="mask-icon" href="/blog/images/logo.svg?v=5.1.4" color="#222">





  <meta name="keywords" content="Hexo, NexT" />










<meta name="description" content="一提到HTTPS，第一印象就是安全，可是具体怎么安全，为什么安全，可能就说不上来，我不断查阅了资料，对HTTPS也有了一定的理解，现在用一个比较恰当的故事来表示HTTPS的由来. 0. 背景A、B、C是同班同学，A和B同时喜欢C，A、B、C坐位依次。大家可以把A理解为客户端、B理解为中间网络（网络设备、运营商、中间服务器），C理解为服务器 1. 阶段1（HTTP）有一天A发明了递纸条的方法，于是A">
<meta property="og:type" content="article">
<meta property="og:title" content="HTTPS协议的由来">
<meta property="og:url" content="http://smallmuou.gitee.io/blog/2017/04/06/2017-04-06-HTTPS协议的由来/index.html">
<meta property="og:site_name" content="smallmuou&#39;s blog">
<meta property="og:description" content="一提到HTTPS，第一印象就是安全，可是具体怎么安全，为什么安全，可能就说不上来，我不断查阅了资料，对HTTPS也有了一定的理解，现在用一个比较恰当的故事来表示HTTPS的由来. 0. 背景A、B、C是同班同学，A和B同时喜欢C，A、B、C坐位依次。大家可以把A理解为客户端、B理解为中间网络（网络设备、运营商、中间服务器），C理解为服务器 1. 阶段1（HTTP）有一天A发明了递纸条的方法，于是A">
<meta property="og:locale" content="zh-Hans">
<meta property="og:updated_time" content="2020-04-16T01:15:21.930Z">
<meta name="twitter:card" content="summary">
<meta name="twitter:title" content="HTTPS协议的由来">
<meta name="twitter:description" content="一提到HTTPS，第一印象就是安全，可是具体怎么安全，为什么安全，可能就说不上来，我不断查阅了资料，对HTTPS也有了一定的理解，现在用一个比较恰当的故事来表示HTTPS的由来. 0. 背景A、B、C是同班同学，A和B同时喜欢C，A、B、C坐位依次。大家可以把A理解为客户端、B理解为中间网络（网络设备、运营商、中间服务器），C理解为服务器 1. 阶段1（HTTP）有一天A发明了递纸条的方法，于是A">



<script type="text/javascript" id="hexo.configurations">
  var NexT = window.NexT || {};
  var CONFIG = {
    root: '/blog/',
    scheme: 'Muse',
    version: '5.1.4',
    sidebar: {"position":"left","display":"post","offset":12,"b2t":false,"scrollpercent":false,"onmobile":false},
    fancybox: true,
    tabs: true,
    motion: {"enable":true,"async":false,"transition":{"post_block":"fadeIn","post_header":"slideDownIn","post_body":"slideDownIn","coll_header":"slideLeftIn","sidebar":"slideUpIn"}},
    duoshuo: {
      userId: '0',
      author: '博主'
    },
    algolia: {
      applicationID: '',
      apiKey: '',
      indexName: '',
      hits: {"per_page":10},
      labels: {"input_placeholder":"Search for Posts","hits_empty":"We didn't find any results for the search: ${query}","hits_stats":"${hits} results found in ${time} ms"}
    }
  };
</script>



  <link rel="canonical" href="http://smallmuou.gitee.io/blog/2017/04/06/2017-04-06-HTTPS协议的由来/"/>





  <title>HTTPS协议的由来 | smallmuou's blog</title>
  








</head>

<body itemscope itemtype="http://schema.org/WebPage" lang="zh-Hans">

  
  
    
  

  <div class="container sidebar-position-left page-post-detail">
    <div class="headband"></div>

    <header id="header" class="header" itemscope itemtype="http://schema.org/WPHeader">
      <div class="header-inner"><div class="site-brand-wrapper">
  <div class="site-meta ">
    

    <div class="custom-logo-site-title">
      <a href="/blog/"  class="brand" rel="start">
        <span class="logo-line-before"><i></i></span>
        <span class="site-title">smallmuou's blog</span>
        <span class="logo-line-after"><i></i></span>
      </a>
    </div>
      
        <p class="site-subtitle"><a href="https://github.com/smallmuou">https://github.com/smallmuou</a></p>
      
  </div>

  <div class="site-nav-toggle">
    <button>
      <span class="btn-bar"></span>
      <span class="btn-bar"></span>
      <span class="btn-bar"></span>
    </button>
  </div>
</div>

<nav class="site-nav">
  

  
    <ul id="menu" class="menu">
      
        
        <li class="menu-item menu-item-home">
          <a href="/blog/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-home"></i> <br />
            
            首页
          </a>
        </li>
      
        
        <li class="menu-item menu-item-archives">
          <a href="/blog/archives/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-archive"></i> <br />
            
            归档
          </a>
        </li>
      
        
        <li class="menu-item menu-item-categories">
          <a href="/blog/categories/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-th"></i> <br />
            
            分类
          </a>
        </li>
      
        
        <li class="menu-item menu-item-about">
          <a href="/blog/about/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-user"></i> <br />
            
            关于
          </a>
        </li>
      

      
    </ul>
  

  
</nav>



 </div>
    </header>

    <main id="main" class="main">
      <div class="main-inner">
        <div class="content-wrap">
          <div id="content" class="content">
            

  <div id="posts" class="posts-expand">
    

  

  
  
  

  <article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
  
  
  
  <div class="post-block">
    <link itemprop="mainEntityOfPage" href="http://smallmuou.gitee.io/blog/blog/2017/04/06/2017-04-06-HTTPS协议的由来/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="name" content="smallmuou">
      <meta itemprop="description" content="">
      <meta itemprop="image" content="/blog/images/avatar.gif">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="smallmuou's blog">
    </span>

    
      <header class="post-header">

        
        
          <h1 class="post-title" itemprop="name headline">HTTPS协议的由来</h1>
        

        <div class="post-meta">
          <span class="post-time">
            
              <span class="post-meta-item-icon">
                <i class="fa fa-calendar-o"></i>
              </span>
              
                <span class="post-meta-item-text">发表于</span>
              
              <time title="创建于" itemprop="dateCreated datePublished" datetime="2017-04-06T00:00:00+08:00">
                2017-04-06
              </time>
            

            

            
          </span>

          
            <span class="post-category" >
            
              <span class="post-meta-divider">|</span>
            
              <span class="post-meta-item-icon">
                <i class="fa fa-folder-o"></i>
              </span>
              
                <span class="post-meta-item-text">分类于</span>
              
              
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing">
                  <a href="/blog/categories/后端/" itemprop="url" rel="index">
                    <span itemprop="name">后端</span>
                  </a>
                </span>

                
                
              
            </span>
          

          

          
          

          

          

          

        </div>
      </header>
    

    
    
    
    <div class="post-body" itemprop="articleBody">

      
      

      
        <p>一提到HTTPS，第一印象就是安全，可是具体怎么安全，为什么安全，可能就说不上来，我不断查阅了资料，对HTTPS也有了一定的理解，现在用一个比较恰当的故事来表示HTTPS的由来.</p>
<h3 id="0-背景"><a href="#0-背景" class="headerlink" title="0. 背景"></a>0. 背景</h3><p>A、B、C是同班同学，A和B同时喜欢C，A、B、C坐位依次。大家可以把A理解为客户端、B理解为中间网络（网络设备、运营商、中间服务器），C理解为服务器</p>
<h3 id="1-阶段1（HTTP）"><a href="#1-阶段1（HTTP）" class="headerlink" title="1. 阶段1（HTTP）"></a>1. 阶段1（HTTP）</h3><p>有一天A发明了递纸条的方法，于是A写好纸条，让B帮忙交给C，C收到后，同样方式回复给A</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line"> ---           ---           ---</span><br><span class="line">|   |   HTTP  |   |   HTTP  |   |</span><br><span class="line">|   |--------&gt;|   |--------&gt;|   |</span><br><span class="line">| A |   HTTP  | B |   HTTP  | C |</span><br><span class="line">|   |&lt;--------|   |&lt;--------|   |</span><br><span class="line">|   |         |   |         |   |</span><br><span class="line"> ---           ---           ---</span><br></pre></td></tr></table></figure>
<p>问题1：B既然也喜欢C，而B就可以看到A与C写的字条，于是就偷偷篡改里面的内容，于是A与C就无法正常进行通讯</p>
<h3 id="2-阶段2（对称加密）"><a href="#2-阶段2（对称加密）" class="headerlink" title="2. 阶段2（对称加密）"></a>2. 阶段2（对称加密）</h3><p>A在想，竟然B可以看到纸条内容，于是就想到通过加密把纸条内容比为密文，这样大家就看不到里面的内容，可是前提，需要把密码告诉对方，这样对方才能解密。</p>
<p>问题2：如何传递密码呢？因为所有数据都得经过B，如何把这个密码传递给C，直接传递，这样B也就知道了如何解密，这样加密就没有任何意义。</p>
<h3 id="3-阶段3（非对称加密，不受信任访问）"><a href="#3-阶段3（非对称加密，不受信任访问）" class="headerlink" title="3. 阶段3（非对称加密，不受信任访问）"></a>3. 阶段3（非对称加密，不受信任访问）</h3><p>上一阶段提到了如何传递密码，A经过苦思幂想，终于发明了非对称加密（公钥、私钥），即用公钥加密的内容，可以用私钥解密。A、C分别拥有自己的公私钥，于是正常通信过程就如下</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"> ---           ---           ---</span><br><span class="line">|   |----1---&gt;|   |----2---&gt;|   |</span><br><span class="line">|   |&lt;---4----|   |&lt;---3----|   |</span><br><span class="line">| A |----5---&gt;| B |----6---&gt;| C |</span><br><span class="line">|   |&lt;---8----|   |&lt;---7----|   |</span><br><span class="line">|   |&lt;---10--&gt;|   |&lt;---11--&gt;|   |</span><br><span class="line"> ---           ---           ---</span><br><span class="line"></span><br><span class="line">1 2 - 获取C公钥（并发送对称加密算法族）</span><br><span class="line">3 4 - 返回C公钥（返回其中一个加密算法）</span><br><span class="line">5 6 - 发送利用C公钥加密后的A公钥及对称密钥A</span><br><span class="line">7 8 - 发送利用A公钥加密后的对称密钥C</span><br><span class="line">10  - A利用对称密钥C收数据，利用对称密钥A发送数据</span><br><span class="line">11  - C利用对称密钥A收数据，利用对称密钥C发送数据</span><br></pre></td></tr></table></figure>
<p>PS: 这里插入个问题：<code>为何数据不用非对称加密，这样就不用传递对称密钥？</code> 这是因为对称加密效率要比非对称高，因此采用对称加密，可以保证效率，否则HTTPS性能堪忧.</p>
<p>问题3：这样A与C又可以正常通信，直到有天B也发现了公私钥，于是B也生成了公私钥，并采用了如下方式进行信息窃取</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br></pre></td><td class="code"><pre><span class="line"> ---           ---           ---</span><br><span class="line">|   |----1---&gt;|   |----2---&gt;|   |</span><br><span class="line">|   |&lt;---4----|   |&lt;---3----|   |</span><br><span class="line">| A |----5---&gt;| B |----6---&gt;| C |</span><br><span class="line">|   |&lt;---8----|   |&lt;---7----|   |</span><br><span class="line">|   |&lt;---10--&gt;|   |&lt;---11--&gt;|   |</span><br><span class="line"> ---           ---           ---</span><br><span class="line"></span><br><span class="line">1 2 - 获取C公钥</span><br><span class="line">3   - 返回C公钥 </span><br><span class="line">4   - 返回B公钥</span><br><span class="line">5   - 发送利用B公钥加密后的A公钥及对称密钥A</span><br><span class="line">6   - 发送利用C公钥加密后的B公钥及对称密钥B</span><br><span class="line">7   - 发送利用B公钥加密后的对称密钥C</span><br><span class="line">8   - 发送利用A公钥加密后的对称密钥B</span><br><span class="line">10  - A利用对称密钥B收数据，利用对称密钥A发送数据</span><br><span class="line">11  - C利用对称密钥B收数据，利用对称密钥C发送数据</span><br></pre></td></tr></table></figure>
<p>PS: 于是A与C又无法正常通信了</p>
<h3 id="4-阶段4（数字证书）"><a href="#4-阶段4（数字证书）" class="headerlink" title="4. 阶段4（数字证书）"></a>4. 阶段4（数字证书）</h3><p>A又经过一夜的苦思幂想，想到了可以使用数字证书方案（所谓数字证书，就相当于身份证，跟人是一一对应的，无法伪造），于是A让C到CA（Certificate Authority）中心申请盖章，因此C就拥有一个由CA盖章的公钥，这样即使B也去申请，但CA认为身份不合法，不给批。这样A在获取到C公钥后会通过CA校验这个公钥是否属于C，因此B就无法伪造，于是B就无法获取到对称密钥，即最终A、C就可以安全地通信。</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br></pre></td><td class="code"><pre><span class="line"> ---           ---           ---</span><br><span class="line">|   |----1---&gt;|   |----2---&gt;|   |</span><br><span class="line">|   |&lt;---4----|   |&lt;---3----|   |</span><br><span class="line">| A 9----5---&gt;| B |----6---&gt;| C |</span><br><span class="line">|   |&lt;---8----|   |&lt;---7----|   |</span><br><span class="line">|   |&lt;---10--&gt;|   |&lt;---11--&gt;|   |</span><br><span class="line"> ---           ---           ---</span><br><span class="line"></span><br><span class="line">1 2 - 获取C公钥</span><br><span class="line">3 4 - 返回C公钥</span><br><span class="line">9   - A对C公钥进行校验，当确认是C的公钥，则继续会话，否则结束</span><br><span class="line">5 6 - 发送利用C公钥加密后的A公钥及对称密钥A</span><br><span class="line">7 8 - 发送利用A公钥加密后的对称密钥C</span><br><span class="line">10  - A利用对称密钥C收数据，利用对称密钥A发送数据</span><br><span class="line">11  - C利用对称密钥A收数据，利用对称密钥C发送数据</span><br></pre></td></tr></table></figure>
<p>PS: 与阶段3的区别是，多了步骤9，客户端需要对C公钥进行校验。</p>

      
    </div>
    
    
    

    

    

    

    <footer class="post-footer">
      

      
      
      

      
        <div class="post-nav">
          <div class="post-nav-next post-nav-item">
            
              <a href="/blog/2017/04/06/2017-04-06-lighttpd支持HTTPS/" rel="next" title="lighttpd支持HTTPS">
                <i class="fa fa-chevron-left"></i> lighttpd支持HTTPS
              </a>
            
          </div>

          <span class="post-nav-divider"></span>

          <div class="post-nav-prev post-nav-item">
            
              <a href="/blog/2017/04/07/2017-04-07-让树莓派播报实时天气/" rel="prev" title="让树莓派播报实时天气">
                让树莓派播报实时天气 <i class="fa fa-chevron-right"></i>
              </a>
            
          </div>
        </div>
      

      
      
    </footer>
  </div>
  
  
  
  </article>



    <div class="post-spread">
      
    </div>
  </div>


          </div>
          


          

        </div>
        
          
  
  <div class="sidebar-toggle">
    <div class="sidebar-toggle-line-wrap">
      <span class="sidebar-toggle-line sidebar-toggle-line-first"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-middle"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-last"></span>
    </div>
  </div>

  <aside id="sidebar" class="sidebar">
    
    <div class="sidebar-inner">

      

      
        <ul class="sidebar-nav motion-element">
          <li class="sidebar-nav-toc sidebar-nav-active" data-target="post-toc-wrap">
            文章目录
          </li>
          <li class="sidebar-nav-overview" data-target="site-overview-wrap">
            站点概览
          </li>
        </ul>
      

      <section class="site-overview-wrap sidebar-panel">
        <div class="site-overview">
          <div class="site-author motion-element" itemprop="author" itemscope itemtype="http://schema.org/Person">
            
              <p class="site-author-name" itemprop="name">smallmuou</p>
              <p class="site-description motion-element" itemprop="description"></p>
          </div>

          <nav class="site-state motion-element">

            
              <div class="site-state-item site-state-posts">
              
                <a href="/blog/archives/">
              
                  <span class="site-state-item-count">197</span>
                  <span class="site-state-item-name">日志</span>
                </a>
              </div>
            

            
              
              
              <div class="site-state-item site-state-categories">
                <a href="/blog/categories/index.html">
                  <span class="site-state-item-count">12</span>
                  <span class="site-state-item-name">分类</span>
                </a>
              </div>
            

            

          </nav>

          

          
            <div class="links-of-author motion-element">
                
                  <span class="links-of-author-item">
                    <a href="https://github.com/smallmuou" target="_blank" title="GitHub">
                      
                        <i class="fa fa-fw fa-globe"></i>GitHub</a>
                  </span>
                
            </div>
          

          
          

          
          

          

        </div>
      </section>

      
      <!--noindex-->
        <section class="post-toc-wrap motion-element sidebar-panel sidebar-panel-active">
          <div class="post-toc">

            
              
            

            
              <div class="post-toc-content"><ol class="nav"><li class="nav-item nav-level-3"><a class="nav-link" href="#0-背景"><span class="nav-number">1.</span> <span class="nav-text">0. 背景</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#1-阶段1（HTTP）"><span class="nav-number">2.</span> <span class="nav-text">1. 阶段1（HTTP）</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#2-阶段2（对称加密）"><span class="nav-number">3.</span> <span class="nav-text">2. 阶段2（对称加密）</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#3-阶段3（非对称加密，不受信任访问）"><span class="nav-number">4.</span> <span class="nav-text">3. 阶段3（非对称加密，不受信任访问）</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#4-阶段4（数字证书）"><span class="nav-number">5.</span> <span class="nav-text">4. 阶段4（数字证书）</span></a></li></ol></div>
            

          </div>
        </section>
      <!--/noindex-->
      

      

    </div>
  </aside>


        
      </div>
    </main>

    <footer id="footer" class="footer">
      <div class="footer-inner">
        <div class="copyright">&copy; <span itemprop="copyrightYear">2020</span>
  <span class="with-love">
    <i class="fa fa-user"></i>
  </span>
  <span class="author" itemprop="copyrightHolder">smallmuou</span>

  
</div>

    <script async src="https://busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script>

    <span id="busuanzi_container_site_pv">总访问量<span id="busuanzi_value_site_pv"></span>次</span>
    <span class="post-meta-divider">|</span>



  <div class="powered-by">由 <a class="theme-link" target="_blank" href="https://hexo.io">Hexo</a> 强力驱动</div>



  <span class="post-meta-divider">|</span>



  <div class="theme-info">主题 &mdash; <a class="theme-link" target="_blank" href="https://github.com/iissnan/hexo-theme-next">NexT.Muse</a> v5.1.4</div>




        







        
      </div>
    </footer>

    
      <div class="back-to-top">
        <i class="fa fa-arrow-up"></i>
        
      </div>
    

    

  </div>

  

<script type="text/javascript">
  if (Object.prototype.toString.call(window.Promise) !== '[object Function]') {
    window.Promise = null;
  }
</script>









  












  
  
    <script type="text/javascript" src="/blog/lib/jquery/index.js?v=2.1.3"></script>
  

  
  
    <script type="text/javascript" src="/blog/lib/fastclick/lib/fastclick.min.js?v=1.0.6"></script>
  

  
  
    <script type="text/javascript" src="/blog/lib/jquery_lazyload/jquery.lazyload.js?v=1.9.7"></script>
  

  
  
    <script type="text/javascript" src="/blog/lib/velocity/velocity.min.js?v=1.2.1"></script>
  

  
  
    <script type="text/javascript" src="/blog/lib/velocity/velocity.ui.min.js?v=1.2.1"></script>
  

  
  
    <script type="text/javascript" src="/blog/lib/fancybox/source/jquery.fancybox.pack.js?v=2.1.5"></script>
  


  


  <script type="text/javascript" src="/blog/js/src/utils.js?v=5.1.4"></script>

  <script type="text/javascript" src="/blog/js/src/motion.js?v=5.1.4"></script>



  
  

  
  <script type="text/javascript" src="/blog/js/src/scrollspy.js?v=5.1.4"></script>
<script type="text/javascript" src="/blog/js/src/post-details.js?v=5.1.4"></script>



  


  <script type="text/javascript" src="/blog/js/src/bootstrap.js?v=5.1.4"></script>



  


  




	





  





  












  





  

  

  

  
  

  

  

  

</body>
</html>
